2bde3a0369b79f46b300b638fa1020c4c6153f8b81aea74961787d7fe62cb8c8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 08:49

Target

340ab9157d745219b65f6bdb75909a19_JaffaCakes118.dll
Size

121KB
MD5

340ab9157d745219b65f6bdb75909a19
SHA1

755775e8fc6d34b095052048980d7e3baf252d5e
SHA256

2bde3a0369b79f46b300b638fa1020c4c6153f8b81aea74961787d7fe62cb8c8
SHA512

d26c28d15e4eb9240dd91ea76779a33adf3e76edcfa16545f5ef1ae798ebcfd089c3f86bfd5821894c8a46aafdeb0483786c7b2a3adb6a52a3cbe05cd6449b98
SSDEEP

1536:dVfuzrWZVAeqDGIr+CHKlCUAs3P20OJ52dAv1vGYRGRvD5fnL8:LfuzrWZoGIiCHG7u0JSv1pKvVL8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30
PID 2912 wrote to memory of 2452	2912	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\340ab9157d745219b65f6bdb75909a19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\340ab9157d745219b65f6bdb75909a19_JaffaCakes118.dll,#1
  2⤵
  PID:2452